Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
...
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
BrianX7c
5c7ab6fe86
[cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT)
...
Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio
Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com>
2023-11-18 11:07:37 +01:00
Paul Elliott
9e25936241
Rename mutex->is_valid to mutex->state
...
Rename struct member to make it more representative of its current use.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:14:16 +00:00
Paul Elliott
3774637518
Make threading helpers tests thread safe
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:49 +00:00
Paul Elliott
5fa986c8cb
Move handling of mutex->is_valid into threading_helpers.c
...
This is now a field only used for testing.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:05 +00:00
Valerio Setti
9b7a8b2a0c
ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 11:48:00 +01:00
Valerio Setti
8db46e4ee1
check_config: remove dependency check of CCM_C/GCM_C on CIPHER_C
...
CCM_C/GCM_C can now work with either (in order of preference) CIPHER_C
or BLOCK_CIPHER_C and the latter is auto-enabled in case the former
is not enabled. As a consequence there is no need to enforce the
dependency on CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 10:58:27 +01:00
Valerio Setti
dbfd6a9f62
adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 10:56:00 +01:00
Yanray Wang
4ed8691f6d
ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 15:20:57 +08:00
Manuel Pégourié-Gonnard
dc848955d6
Merge pull request #8519 from mpg/block-cipher
...
[G2] Add internal module block_cipher
2023-11-15 11:53:22 +00:00
Manuel Pégourié-Gonnard
9e80a91f27
Merge pull request #8164 from yanrayw/adjust_tfm_configs
...
Adjust how we handle TF-M config files
2023-11-15 08:21:27 +00:00
Valerio Setti
a56eb46ce6
adjust_legacy_from_psa: fix comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-15 09:18:14 +01:00
Valerio Setti
c2d68f5611
adjust_legacy_from_psa: treat CCM and CCM* separately
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-15 09:16:37 +01:00
Valerio Setti
cab5eff98c
adjust_config_synonyms: make CCM and CCM* indipendent
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-15 09:16:37 +01:00
Jerry Yu
fedaeb21b3
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-15 13:59:07 +08:00
Jerry Yu
6c485dad44
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-15 10:18:47 +08:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323
...
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
Tom Cosgrove
08ea9bfa1f
Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data
...
TLS 1.3: Rename early_data and max_early_data_size configuration function
2023-11-10 19:35:46 +00:00
Manuel Pégourié-Gonnard
5f3361c0c6
Temporary hack to pacify check_names.py
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 12:24:11 +01:00
Manuel Pégourié-Gonnard
21718769d1
Start adding internal module block_cipher.c
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 11:21:17 +01:00
Valerio Setti
01c4fa3e88
ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h
...
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Yanray Wang
111159b89c
BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:03:23 +08:00
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377
...
Fixes "CSR parsing with critical fields fails"
2023-11-08 18:07:04 +00:00
Dave Rodgman
9eb2abd1e0
Add docs re Everest license
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:17 +00:00
Dave Rodgman
28d40930ae
Restore bump version
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:08 +00:00
Yanray Wang
d137da5a93
check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 19:17:44 +08:00
Yanray Wang
30769696e7
Merge remote-tracking branch 'origin/development' into adjust_tfm_configs
2023-11-08 10:00:24 +08:00
Matthias Schulz
c55b500343
Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-07 16:47:37 +01:00
Yanray Wang
0751761b49
max_early_data_size: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24
early data: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Yanray Wang
0d76b6ef76
Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT
...
If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-06 10:02:10 +08:00
Yanray Wang
956aa00202
check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with PSA
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-06 10:02:10 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
...
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Yanray Wang
b799eea123
check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-02 12:38:01 +08:00
Yanray Wang
e367e47be0
mbedtls_config: add new config option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
...
With the introduction of negative option
MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we don't need to implicitly enable
it through PSA.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-02 12:36:41 +08:00
Dave Rodgman
b351d60e99
Merge remote-tracking branch 'origin/development' into msft-aarch64
2023-11-01 13:20:53 +00:00
Yanray Wang
b67b47425e
Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-31 17:22:06 +08:00
Yanray Wang
5779096753
Merge remote-tracking branch 'origin/development' into adjust_tfm_configs
2023-10-31 13:39:07 +08:00
Valerio Setti
d531dab4f6
check_config: let SSL_TLS depend on either CIPHER_C or USE_PSA_CRYPTO
...
TLS code already implements proper dispatching to either
builtin or PSA implementations based on USE_PSA guards, so we can
improve the check_config guards to reflect this.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
c5d9dd262b
adjust_psa_from_legacy: enable ALG_STREAM_CIPHER on when CIPHER_C is defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
Valerio Setti
c1d50b6314
check_config: fix dependency of PSA_CRYPTO_C on CIPHER_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
Ronald Cron
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello
...
TLS 1.3: EarlyData SRV: Add early data extension parser.
2023-10-26 08:31:53 +00:00
Dave Rodgman
6e51abf11d
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 15:17:11 +01:00
Dave Rodgman
48b965d941
Update clang version requirements
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
4b8e8dc043
Improve compiler version checking + docs + testing for armclang
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
18838f6c1a
Fix docs for MBEDTLS_AESCE_C
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
d69d3cda34
Merge pull request #8298 from daverodgman/sha-armce-thumb2
...
Support SHA256 acceleration on Armv8 thumb2 and arm
2023-10-24 21:23:15 +00:00
Dave Rodgman
514590210b
Merge remote-tracking branch 'origin/development' into sha-armce-thumb2
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-23 15:35:07 +01:00
Valerio Setti
bd24d95c27
legacy_from_psa: fix support for PSA_ACCEL_ALG_[STREAM_CIPHER/ECB_NO_PADDING]
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-23 15:01:52 +02:00
Matthias Schulz
edc32eaf1a
Uncrustified
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-10-19 16:09:08 +02:00
Yanray Wang
08e9423f14
Merge remote-tracking branch 'origin/development' into adjust_tfm_configs
2023-10-19 17:44:47 +08:00
Yanray Wang
893623fb28
PBKDF2-AES-CMAC: remove not needed preprocessor directive
...
PBKDF2-AES-CMAC works if we provide the driver of AES-CMAC or
KEY-TYPE-AES or both. So if PBKDF2-AES-CMAC is requested via PSA,
we don't need to additionally enable builtin AES-CMAC or builtin
KEY-TYPE-AES.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-19 16:13:34 +08:00
Gilles Peskine
6407f8fc54
Merge pull request #8322 from valeriosetti/issue8257
...
Improve location of MD_CAN macros
2023-10-18 14:31:28 +00:00
Matthias Schulz
ab4082290e
Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-10-18 13:20:59 +02:00
Manuel Pégourié-Gonnard
c6d633ffbc
Merge pull request #8297 from valeriosetti/issue8064
...
Change accel_aead component to full config
2023-10-18 07:15:59 +00:00
Valerio Setti
2f00b7a5da
cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-17 11:43:34 +02:00
Manuel Pégourié-Gonnard
6d42921633
Require at least on curve for ECP_LIGHT
...
ECP_LIGHT is not usable without any curve, just the same as ECP_C.
We forgot to update this check when introducing the ECP_LIGHT subset.
Note: the message doesn't mention ECP_LIGHT as that's not a public
config knob, hence the message with "ECP_C or a subset" (that's how it's
referred to in user-facing documentation such as
docs/driver-only-builds.md).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-17 10:01:33 +02:00
Valerio Setti
9fc1f24331
md: restore md.h includes in source files directly using its elements
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 14:39:38 +02:00
Yanray Wang
aa01ee303a
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-10-16 17:38:32 +08:00
Valerio Setti
596ef6c0b1
cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 11:26:08 +02:00
Dave Rodgman
3e52184923
Make macro definition more consistent with similar defns
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-16 09:25:59 +01:00
Dave Rodgman
0a48717b83
Simplify Windows-on-Arm macros
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-16 09:25:59 +01:00
Valerio Setti
5f5573fa90
cipher: reintroduce symbol for legacy AEAD support
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-13 17:29:27 +02:00
Dave Rodgman
7821df3e8b
Adjust use of deprecated in Doxygen
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-13 09:39:11 +01:00
Dave Rodgman
d85277c62e
Doxygen fixes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-13 09:22:54 +01:00
Valerio Setti
193e383686
check_config: fix typo causing build issues with only CCM enabled
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-13 09:37:24 +02:00
Valerio Setti
db1ca8fc33
cipher: keep MBEDTLS_CIPHER_HAVE symbols private
...
This commit also improve the usage of these new symbols in
cipher_wrap code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-12 10:39:54 +02:00
Valerio Setti
e570704f1f
ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-12 10:39:37 +02:00
Jerry Yu
7a799ccacd
Share early_data_status
between server and client
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:02:01 +08:00
Jerry Yu
02e3a074a3
Add max_early_data_size into ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:00:26 +08:00
Bence Szépkúti
9b0c8164eb
Merge pull request #8330 from KloolK/extern-c
...
Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled
2023-10-11 16:19:39 +00:00
Dave Rodgman
b0d9830373
Merge branch 'development' into sha-armce-thumb2
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-11 13:53:41 +01:00
Valerio Setti
02a634decd
md: remove unnecessary inclusions of mbedtls/md.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:15:58 +02:00
Valerio Setti
6bd3d9b166
cipher: fix missing spaces
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Valerio Setti
d0411defa2
cipher: add internal symbols for AEAD capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Valerio Setti
e7bac17b5d
test: keep SSL_TICKET_C and SSL_CONTEXT_SERIALIZATION enabled
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Dave Rodgman
be7915aa6c
Revert renaming of SHA512 options
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-11 10:59:05 +01:00
Bence Szépkúti
cffd7135c6
Merge pull request #8328 from yanrayw/sha256_context_guard
...
sha256_context: guard is224 by MBEDTLS_SHA224_C
2023-10-11 09:13:33 +00:00
Ronald Cron
a89d2ba132
Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name
...
Adapt to new PSA Crypto repo name
2023-10-11 06:45:30 +00:00
Dave Rodgman
5b89c55bb8
Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 15:14:57 +01:00
Dave Rodgman
fe9fda81aa
Rename MBEDTLS_ARCH_IS_ARMV8 to MBEDTLS_ARCH_IS_ARMV8_A
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 15:14:56 +01:00
Dave Rodgman
f097bef6ea
Refer to Armv8-A (not Armv8) in docs
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 15:14:30 +01:00
Dave Rodgman
c5861d5bf2
Code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 14:01:54 +01:00
Dave Rodgman
6ab314f71d
More config option renaming
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 14:00:17 +01:00
Dave Rodgman
94a634db96
Rename A64 config options
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 12:59:29 +01:00
Ronald Cron
7871cb14a7
Include psa/build_info.h instead of mbedtls/build_info.h
...
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-10-10 09:35:22 +02:00
Jan Bruckner
946720aac5
Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-10-09 16:53:41 +02:00
Yanray Wang
29db8b061d
sha256.h: add guard for is224 in sha256 context
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-09 18:09:47 +08:00
Ronald Cron
070e8652d5
Adapt to new PSA Crypto repo name
...
Patterns I looked for:
grep -i "psa-crypto"
grep -i "psa.*crypto.*repo"
grep -i "psa.*crypto.*root"
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-10-09 10:26:18 +02:00
Thomas Daubney
540324cd21
Correct styling of Mbed TLS in documentation
...
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-10-06 17:07:24 +01:00
Valerio Setti
85d2a98549
md: move definitions of MBEDTLS_MD_CAN to config_adjust_legacy_crypto.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-06 16:04:49 +02:00
Dave Rodgman
7ed619d3fa
Enable run-time detection for Thumb and Arm
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 09:39:56 +01:00
Dave Rodgman
bfe6021e85
Improve docs
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 08:31:22 +01:00
Dave Rodgman
ca92f50e12
Update docs for MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 08:24:55 +01:00
Dave Rodgman
8690859097
Improve docs
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 17:40:25 +01:00
Minos Galanakis
31ca313efa
Bump version to 3.5.0
...
```
./scripts/bump_version.sh --version 3.5.0
```
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 22:02:18 +01:00
Minos Galanakis
1a3ad265cc
Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 21:57:51 +01:00
Dave Rodgman
cc5bf4946f
Make SHA256 depend on Armv8, not aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-03 18:02:56 +01:00
Dave Rodgman
5ed7b2dec2
Introduce MBEDTLS_ARCH_IS_ARMV8
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-03 18:02:31 +01:00